Questions Ask for ccie 400 101 dumps

Cause all that matters here is passing the Cisco 400 101 pdf exam. Cause all that you need is a high score of 400 101 pdf CCIE Routing and Switching (v5.0) exam. The only one thing you need to do is downloading Ucertify ccie 400 101 dumps exam study guides now. We will not let you down with our money-back guarantee.

♥♥ 2021 NEW RECOMMEND ♥♥

Free VCE & PDF File for Cisco 400-101 Real Exam (Full Version!)

★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW 400-101 Exam Dumps (PDF & VCE):
Available on: http://www.surepassexam.com/400-101-exam-dumps.html

Q401. Which command drops packets with unknown source addresses until you remove a sufficient number of secure MAC addresses to drop below the maximum value, and also causes the Security Violation counter to increment? 

A. switchport port-security violation protect 

B. switchport port-security violation drop 

C. switchport port-security violation shutdown 

D. switchport port-security violation restrict 

Answer: D 

Explanation: 

When configuring port security violation modes, note the following information: 

. protect—Drops packets with unknown source addresses until you remove a sufficient number of secure MAC addresses to drop below the maximum value. 

. restrict—Drops packets with unknown source addresses until you remove a sufficient number of secure MAC addresses to drop below the maximum value and causes the SecurityViolation counter to increment. 

. shutdown—Puts the interface into the error-disabled state immediately and sends an SNMP trap notification. 

Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/port_sec.html 

Q402. Which three steps are necessary to enable SSH? (Choose three.) 

A. generating an RSA or DSA cryptographic key 

B. configuring the version of SSH 

C. configuring a domain name 

D. configuring VTY lines for use with SSH 

E. configuring the port for SSH to listen for connections 

F. generating an AES or SHA cryptographic key 

Answer: A,C,D 

Explanation: 

Here are the steps: 

1. Configure a hostname for the router using these commands. 

yourname#configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 

yourname (config)#hostname LabRouter 

LabRouter(config)# 

2. Configure a domain name with the ip domain-name command followed by whatever you would like your domain name to be. I used CiscoLab.com. 

LabRouter(config)#ip domain-name CiscoLab.com 

3. We generate a certificate that will be used to encrypt the SSH packets using the crypto key generate rsa command. 

Take note of the message that is displayed right after we enter this command. “The name for the keys will bE. LabRouter.CiscoLab.com” — it combines the hostname of the router along with the domain name we configured to get the name of the encryption key generated; this is why it was important for us to, first of all, configure a hostname then a domain name before we generated the keys. 

Notice also that it asks us to choose a size of modulus for the key we’re about to generate. 

The higher the modulus, the stronger the encryption of the key. For our example, we’ll use a modulus of 1024. 

Q403. Which technology can create a filter for an embedded packet capture? 

A. Control plane policing 

B. Access lists 

C. NBAR 

D. Traffic shaping 

Answer: B 

Explanation: 

A filter can be applied to limit the capture to desired traffic. Define an Access Control List (ACL) within config mode and apply the filter to the buffer: 

ip access-list extended BUF-FILTER 

permit ip host 192.168.1.1 host 172.16.1.1 

permit ip host 172.16.1.1 host 192.168.1.1 

monitor capture buffer BUF filter access-list BUF-FILTER 

Reference: http://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/ios-embedded-packet-capture/116045-productconfig-epc-00.html 

Q404. What is the main component of Unified MPLS? 

A. Multiple IGPs in the network are used, where the loopback IP addresses of the PE routers are aggregated on the area border routers. 

B. Confederations are used to provide scalability. 

C. The loopback prefixes from one IGP area are redistributed into BGP without changing the next hop. 

D. The ABR is a BGP route reflector and sets next-hop to self for all reflected routes. 

Answer: D 

Explanation: 

Since the core and aggregation parts of the network are integrated and end-to-end LSPs are provided, the Unified MPLS solution is also referred to as "Seamless MPLS." New technologies or protocols are not used here, only MPLS, Label Distribution Protocol (LDP), IGP, and BGP. Since you do not want to distribute the loopback prefixes of the PE routers from one part of the network into another part, you need to carry the prefixes in BGP. The Internal Border Gateway Protocol (iBGP) is used in one network, so the next hop address of the prefixes is the loopback prefixes of the PE routers, which is not known by the IGP in the other parts of the network. This means that the next hop address cannot be used to recurse to an IGP prefix. The trick is to make the ABR routers Route Reflectors (RR) and set the next hop to self, even for the reflected iBGP prefixes. In order for this to work, a new knob is needed. 

Reference: http://www.cisco.com/c/en/us/support/docs/multiprotocol-label-switching-mpls/mpls/116127-configure-technology-00.html 

Q405. Refer to the exhibit. 

The VLAN-to-MST mapping is shown. (Assume SW1 acts as root for all possible MST instances.) 

spanning-tree mst configuration name MST 

revision 2 

instance 0 vlan 1-200,301-4094 instance 1 vlan 201-300 

! 

If this topology is deployed, which action is required for traffic to flow on VLAN 200 and 300? 

A. Map VLAN 300 to instance 0. 

B. Map VLAN 200 to instance 2. 

C. Move instance 0 root to SW2. 

D. Move instance 1 root to SW2. 

E. Map both VLANs to instance 2. 

Answer: B 

Q406. Which option describes a limitation of Embedded Packet Capture? 

A. It can capture data only on physical interfaces and subinterfaces. 

B. It can store only packet data. 

C. It can capture multicast packets only on ingress. 

D. It can capture multicast packets only on egress. 

Answer: C 

Explanation: 

Restrictions for Embedded Packet Capture 

. In Cisco IOS Release 12.2(33)SRE, EPC is supported only on 7200 platform. 

. EPC only captures multicast packets on ingress and does not capture the replicated packets on egress. 

. Currently, the capture file can only be exported off the device; for example, TFTP or FTP servers and local disk. 

Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/epc/configuration/15-mt/epc-15-mt-book/nm-packet-capture.html 

Q407. Which statement about the NHRP network ID is true? 

A. It is sent from the spoke to the hub to identify the spoke as a member of the same NHRP domain. 

B. It is sent from the hub to the spoke to identify the hub as a member of the same NHRP domain. 

C. It is sent between spokes to identify the spokes as members of the same NHRP domain. 

D. It is a locally significant ID used to define the NHRP domain for an interface. 

Answer: D 

Explanation: 

The NHRP network ID is used to define the NHRP domain for an NHRP interface and differentiate between multiple NHRP domains or networks, when two or more NHRP domains (GRE tunnel interfaces) are available on the same NHRP node (router). The NHRP network ID is used to help keep two NHRP networks (clouds) separate from each other when both are configured on the same router. The NHRP network ID is a local only parameter. It is significant only to the local router and it is not transmitted in NHRP packets to other NHRP nodes. For this reason the actual value of the NHRP network ID configured on a router need not match the same NHRP network ID on another router where both of these routers are in the same NHRP domain. As NHRP packets arrive on a GRE interface, they are assigned to the local NHRP domain in the NHRP network ID that is configured on that interface. 

Reference: 

http://www.cisco.com/c/en/us/td/docs/ios/12_4/ip_addr/configuration/guide/hadnhrp.html 

Q408. Which statement about the BGP scope of the cost community is true? 

A. It is shared with IBGP neighbors only. 

B. It is shared with IBGP neighbors and route reflectors. 

C. It is shared with EBGP neighbors only. 

D. It is shared with IBGP and EBGP neighbors. 

E. It is shared with IBGP and confederation peers. 

Answer: E 

Explanation: 

The BGP Cost Community feature introduces the cost extended community attribute. The cost community is a non-transitive extended community attribute that is passed to internal BGP (iBGP) and confederation peers but not to external BGP (eBGP) peers. The cost community feature allows you to customize the local route preference and influence the best path selection process by assigning cost values to specific routes. 

Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/s_bgpcc.html 

Q409. DRAG DROP 

Drag and drop each PHB on the left to the functionality it performs on the right. 

Answer: 

Q410. Refer to the exhibit. 

What will be the extended community value of this route? 

A. RT:200:3000 RT:200:9999 

B. RT:200:9999 RT:200:3000 

C. RT:200:3000 

D. RT:200:9999 

Answer: D 

Explanation: 

Here the route map is being used to manually set the extended community RT to 200:9999